Installation

From packages

Two package flavors are available, standard and hardened. As a rule of thumb, the hardened flavor will be slightly more secure but will suffer from a larger overhead.

The table below describes each package flavor and its characteristics:

| Flavor | Package | Description |
| --- | --- | --- |
| Standard | enroot | Main utility, helper binaries and standard configuration files. Open file descriptors are inherited; Spectre variant 2 (IBPB/STIBP) mitigations are disabled; Spectre variant 4 (SSBD) mitigations are disabled. |
| | enroot+caps | Grants extra capabilities to unprivileged users which allows them to import and convert container images. |
| Hardened | enroot-hardened | Main utility, helper binaries and standard configuration files. |
| | enroot-hardened+caps | Grants extra capabilities to unprivileged users which allows them to import and convert container images. |
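
The characteristics listed for the flavors can be observed on a live process. The script below is an added example, not part of enroot or its documentation: it reads the speculation state Linux reports in /proc/<pid>/status and lists descriptors above stderr. The function names and the sample status lines are constructed for illustration, and it assumes a kernel that exposes the Speculation_Store_Bypass and SpeculationIndirectBranch fields and that the table's properties apply to the process being inspected.

```shell
#!/bin/sh
# Added example, not part of enroot. Reads a /proc/<pid>-style directory.

# Constructed sample of the two relevant status lines (not captured output).
sample_status() {
    printf 'Name:\tsh\nSpeculation_Store_Bypass:\tthread vulnerable\n'
    printf 'SpeculationIndirectBranch:\tconditional disabled\n'
}

# status_field FILE FIELD: value of FIELD, or "not reported" if it is absent.
status_field() {
    v=$(sed -n "s/^$2:[[:space:]]*//p" "$1" 2>/dev/null) || v=
    echo "${v:-not reported}"
}

# classify VALUE: the kernel reports speculation state, so for indirect
# branches "enabled" means speculation is allowed, i.e. the mitigation is off.
classify() {
    case "$1" in
        "thread mitigated"|"thread force mitigated"|"globally mitigated") echo mitigated ;;
        "conditional disabled"|"conditional force disabled"|"always disabled") echo mitigated ;;
        "thread vulnerable"|vulnerable|"conditional enabled"|"always enabled") echo unmitigated ;;
        "not vulnerable"|"not affected") echo "not affected" ;;
        *) echo unknown ;;
    esac
}

# extra_fds DIR: descriptors above stderr in a /proc/<pid>/fd-style directory.
extra_fds() {
    for l in "$1"/*; do
        [ -L "$l" ] || continue   # unmatched glob, or an fd closed since listing
        if [ "${l##*/}" -gt 2 ]; then echo "${l##*/} -> $(readlink "$l")"; fi
    done
}

# report DIR: both checks for one /proc/<pid>-style directory.
report() {
    for f in Speculation_Store_Bypass SpeculationIndirectBranch; do
        s=$(status_field "$1/status" "$f")
        echo "$f: $s ($(classify "$s"))"
    done
    echo "descriptors above stderr:"
    extra_fds "$1/fd"
}

# Inspect the given /proc/<pid> directory, by default this shell's own.
target=${1:-/proc/$$}
if [ -r "$target/status" ]; then report "$target"; fi
```

The descriptor list includes anything the inspecting shell opened itself, such as its own script file, so compare runs rather than reading a single listing in isolation.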

Standard flavor

# Debian-based distributions
arch=$(dpkg --print-architecture)
curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.2.0/enroot_3.2.0-1_${arch}.deb
curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.2.0/enroot+caps_3.2.0-1_${arch}.deb # optional
sudo apt install -y ./*.deb

# RHEL-based distributions
arch=$(uname -m)
sudo yum install -y epel-release # required on some distributions
sudo yum install -y https://github.com/NVIDIA/enroot/releases/download/v3.2.0/enroot-3.2.0-1.el7.${arch}.rpm
sudo yum install -y https://github.com/NVIDIA/enroot/releases/download/v3.2.0/enroot+caps-3.2.0-1.el7.${arch}.rpm # optional

Hardened flavor

# Debian-based distributions
arch=$(dpkg --print-architecture)
curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.2.0/enroot-hardened_3.2.0-1_${arch}.deb
curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.2.0/enroot-hardened+caps_3.2.0-1_${arch}.deb # optional
sudo apt install -y ./*.deb

# RHEL-based distributions
arch=$(uname -m)
sudo yum install -y epel-release # required on some distributions
sudo yum install -y https://github.com/NVIDIA/enroot/releases/download/v3.2.0/enroot-hardened-3.2.0-1.el7.${arch}.rpm
sudo yum install -y https://github.com/NVIDIA/enroot/releases/download/v3.2.0/enroot-hardened+caps-3.2.0-1.el7.${arch}.rpm # optional

From source

Install the build dependencies and clone the repository:

# Debian-based distributions
sudo apt install -y git gcc make libcap2-bin libtool automake

# RHEL-based distributions:
sudo yum install -y git gcc make libcap libtool automake

# Archlinux-based distributions:
sudo pacman --noconfirm -S git gcc make libtool automake

git clone --recurse-submodules https://github.com/NVIDIA/enroot.git

Install the runtime dependencies:

# Debian-based distributions
sudo apt install -y curl gawk jq squashfs-tools parallel
sudo apt install -y fuse-overlayfs libnvidia-container-tools pigz squashfuse # optional

# RHEL-based distributions
sudo yum install -y epel-release # required on some distributions
sudo yum install -y jq squashfs-tools parallel
sudo yum install -y fuse-overlayfs libnvidia-container-tools pigz squashfuse # optional

# Archlinux-based distributions
sudo pacman --noconfirm -S jq parallel squashfs-tools
sudo pacman --noconfirm -S fuse-overlayfs libnvidia-container-tools pigz squashfuse # optional

Build and install Enroot:

cd enroot
sudo make install

In order to allow unprivileged users to import images:

sudo make setcap